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THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
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DETAILED ACTION 



1 . Applicant's arguments filed 3/25/04 have been fully considered but they are not 
persuasive. 

2. The Applicant argues that neither Anderson, Vance, or Musgrave describe or 
suggest, storing results of the verification in an activity log in a central service and 
allowing specified users to access the results. 

3. The Applicant further argues that a reference used, Musgrave, teaches away 
from the present invention. 

4. The Applicant pointed out that the PTO-1449 hah not been initialed and returned. 
The Examiner has supplied a copy of the PTO-1449 initialed and signed on 12/14/02. 



5. In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F,2d 413, 208 
USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 
1986). 

6. In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 



Response to Arguments 
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the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). 

7. The Applicant's application can be paraphrased to a transaction utilizing a credit 
card. The first step is the authentication of the credit card at the time of charging the 
items purchased to the credit card. The credit card magnetic strip is read and then sent 
to a central service, which could be either an Automated Clearing House or an 
Electronic Data Exchange, which validates the information and returns the results to the 
first service that requested it. The specifics of the transaction are recorded in an activity 
log to be used for the end of the billing period cycle of payment request and account 
reconciliation. 

8. Anderson teaches about a computer-based data storage, manipulation, access 
and retrieval system, such as an accounting system. Col. 12, lines 40-55. Anderson 
further discloses the concepts of public key cryptography and its various uses involving 
transactions. Anderson provides examples involving electronic checking, loan 
applications, medical records and electronic contracts. Each of these incorporate the 
limitations of the present application and delineate the receiving a request for service, 
verifying the requestor/or user, sending a results back to the requestor, manipulating the 
transaction data for future accounting, and it is old and well known that only specified 
users can have access to checking accounts, loan accounts, medical records, and 
electronic contract accounts, 

9. Anderson provided the conceptual framework presented by the Applicant. To 
demonstrate that storing results of an activity in a central location that communicates 
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with each of a plurality of different locations, and allowing specified users to access said 
results, is old and well known to persons having ordinary skill in the art, Vance was 
provided. 

10. To demonstrate that it is old and well known in the art to receive a request to 
verify the use of a digital credential by a user of a digital credential, the digital credential 
being a digital security mechanism associated with the user's identity, the reference 
Musgrave was provided. The biometric certificates by definition are digital credentials of 
individuals. Musgrave further illustrates the receiving a request to verify, verifying the 
digital credential, sending results, storing the results and allowing restricted access. 

1 1 . The Applicant states that Musgrave teaches away from the present combination 
but it does not appear that the Applicant substantiates the statement. As previously 
presented, Anderson is the primary reference with the other references provided to 
demonstrate that the specifics of a concept taught by Anderson is old and well known 
to that person having ordinary skill in the art. As stated, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 
1981); In re Merck & Co., 800 F.2d 1091 , 231 USPQ 375 (Fed. Cir. 1986). 

1 2. The Applicant submits that account identification information is distinct from 
digital credentials associated with a user's identity. However, the claim is presenting a 
notification procedure. The Examiner submits that the notification of the activity in an 
account would occur whether the identity of the user was an account id , a digital 
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credential or any other form used to identify an individual/account. Goldsmith 
specifically addresses the concept of electronic notification of an account activity. 

1 3. The Applicant submits as per claim 42 that the combination of Goldsmith and 
Musgrave fails to describe processing use information for a digital credential as claimed. 
The Examiner directs the Applicant to the Office Action section of the 103(a) rejection of 
claims 42-44. Musgrave is not a specified reference in the rejection. 

14. The Applicant submits that as per claim 53, that neither of the references 
Anderson, Goldsmith, Sudia, and Musgrave describe or suggest the limitations. Sudia 
and Musgrave are not specified as references in the limitation rejection of claims 53-56. 
The subsequent discussion regarding Sudia appears moot, since Sudia was not used in 
the rejection. 



1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



2. Claims 1-8, 10,12-18,20,22-37,39,41,45,47 are rejected under 35 

U.S.C. 103(a) as being unpatentable over Anderson et al. US 6,021,202 [Anderson 

202], Vance et ai.-U.S. 6,442,526 [Vance 526] and in further view of Musgrave U.S. 



15. 



Claim Rejections - 35 USC § 103 



6,105,010 [Musgrave 010]. 



Application/Control Number: 09/608.402 
Art Unit: 3621 



Page 6 



As per claims 1,13,23,30,32: 
Anderson [202] teaches: 

verifying a use of a digital credential by a user of a digital credential, at any of a 
plurality of different locations where the digital credential can be used; Col. 6, lines 42- 
54. Anderson [202] discloses the claimed invention except for the storing a result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result. 
However, Anderson [202] does disclose, "... send bank statements ... which reflects 
events of the transaction..." Col. 6, lines 5-58. 

Vance '526 teaches that it is known in the art to provide storing the result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result. Col, 
12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about storing a result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result as 
taught by Vance '526, in order to clarify the generation and use of bank/transaction 
statements. 

Anderson [202] discloses the claimed invention except for the receiving a request 
to verify a use of a digital credential by a user of a digital credential, the digital credential 
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being a digital security meclianism associated witli the user's identity, the use occurring 
at a first of a plurality of different services where the digital credential can be used. How 
ever, Anderson '202 does teach about security and authentication techniques and 
aspects in reference to conducting transactions. Col. 26-27. Musgrave' 010 teaches that 
it is known in the art to receive a request to verify a use of a digital credential by a user 
of a digital credential, the digital credential being a digital security mechanism 
associated with the user's identity, the use occurring at a first of a plurality of different 
services where the digital credential can be used. Col. 3-4. It would have been obvious 
to one having ordinary skill in the art at the time the invention was made to provide the 
security/authentication process of Anderson *202 with the biometric certification process 
of Musgrave '010, in order to enhance the security of a transaction. 

As per claims 2,14,24,31: 

Anderson [202] discloses the claimed invention except for storing transaction 
information in the activity log. However, Anderson [202] does disclose, "... send bank 
statements ... which reflects events of the transaction..." Col. 6, lines 5-58. Vance '526 
teaches storing transaction information in the activity log. Col. 12,13,14. It would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to store the results of a transaction so that at a later time a bank/transaction statement 
could be generated. 
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As per claims 3,15,25,28,33,47: 
Anderson [202] further discloses: 

wherein the transaction information includes at least one of a message that was 
signed using a digital signature key of the digital credential, a value of a transaction, an 
online service, an Internet protocol (IP) address, a date of the transaction and a time of 
the transaction. Col. 25, lines 64-67, Col. 26, lines 1-35. 

As per claim 4,16: 

Anderson [202] discloses the claimed invention except for generating an activity 
report from the activity log, wherein the activity report lists the stored results. However, 
Anderson [202] does disclose, "... send bank statements ... which reflects events of the 
transaction..." Col. 6, lines 5-58. It would have been obvious to one having ordinary skill 
in the art at the time the invention was made to store the results of a transaction so that 
at a later time an activity report from the activity log [a bank statement] could be 



As per claims 5,17,34: 
Anderson [202] further discloses: 

associating a name to a digital signature key of the digital credential, wherein the 
activity report lists the name of the digital signature key. Fig. 6, Col. 25, lines 64- 
67, Col. 26, lines 1-35. 



generated. 
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As per claim 6,35: 

Anderson [202] discloses the claimed invention except for wherein generating the 
activity report includes generating the activity report upon request by an owner of the 
digital credential. However, Anderson [202] does disclose, "... provide statements or 
reports to the payer and the payee..." Col. 30, lines 19-29. It would have been obvious 
to one having ordinary skill in the art at the time the invention was made to generate an 
activity report based upon the request by an owner (payee/payer) of the digital 
credential. 

As per claim 7,36: 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of wherein generating the activity report includes generating the activity report 
each time the digital credential is verified. It would have been an obvious matter of 
design choice to modify the teachings of Anderson [202], to provide the step of wherein 
generating the activity report includes generating the activity report each time the digital 
credential is verified. Since the applicant has not disclosed that generating the activity 
report includes generating the activity report each time the digital credential is verified 
solves any stated problem in a new or unexpected way or is for any particular purpose 
which is unobvious to one of ordinary skill and it appears that the claimed feature does 
not distinguish the invention over similar features in the prior art since, the teachings of 
Anderson [202] will perform the invention as claimed by the applicant with any method, 
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means, or product to generate an activity report that includes generating the activity 
report each time the digital credential is verified. 

As per claim 8,37: 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of generating a report periodically. It would have been an obvious matter of 
design choice to modify the teachings of Anderson [202], to provide the step of 
generating a report periodically. Since the applicant has not disclosed that generating a 
report periodically solves any stated problem in a new or unexpected way or is for any 
particular purpose which is unobvious to one of ordinary skill and it appears that the 
claimed feature does not distinguish the invention over similar features in the prior art 
since, the teachings of Anderson [202] will perform the invention as claimed by the 
applicant with any method, means, or product to generating a report periodically. 

As per claims 10,20,39: 

Anderson [202] discloses the claimed invention except for wherein generating the 
activity report includes listing activity for a plurality of digital, signature keys associated 
with the owner and wherein said allowing compromises allowing said user to view all 
reports, but allowing each said delegate to view only their own activity reports for other 
delegates. However, Anderson [202] does disclose, "... provide statements or reports to 
the payer and the payee..." Col. 30, lines 19-29. 
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Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claims 12,22,41: 

Anderson [202] discloses the claimed invention except for generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates. However, Anderson [202] does disclose, "... provide 
statements or reports to the payer and the payee..." Col. 30, lines 19-29. 
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Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col, 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson *202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance *526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claim 18: 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of wherein the computer-executable instructions cause the computer to 
generate the activity report upon receiving a request by an owner of the digital 
credential, and wherein said allowing comprises allowing said user to view all reports, 
but allowing each said delegate to view only their own activity report, and not allowing 
each said delegate to view reports for other delegates. 



teachings of Anderson [202], to provide the step of generating the activity report upon 



It would have been an obvious matter of design choice to modify the 
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receiving a request by an owner of the digital credential, periodically, or when the digital 
credential is verified. 

Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance *526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claim 26: 

Anderson [202] discloses the claimed invention except for comprising an owner 
database to store information of an owner of the digital credential and owner-approved 
delegates and wherein said communication element allows said owner to view all 
reports, but allows each said delegate to view only their own report, and not reports for 
other delegates. However, Anderson [202] does disclose , "... memory may contain 
certification information..." Col. 12, lines 57-65. 
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Vance *526 teaches that it is known in the art to have an owner database to 
store information of an owner of the digital credential and owner-approved delegates 
and wherein said communication element allows said owner to view all reports, but 
allows each said delegate to view only their own report, and not reports for other 
delegates. Col. 12.13.14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claim 27: 

Anderson [202] discloses the claimed invention except for a first data field to 
store a result from a verification of a digital credential by a user of a digital credential at 
any of a plurality of different locations where the digital credential can be used. 
However, Anderson [202] does disclose , '*... send bank statements ... which reflects 
events of the transaction..." Col. 6, lines 5-58. It would have been obvious to one having 
ordinary skill in the art at the time the invention was made to store a result from a 
verification of a digital credential by a user of a digital credential at any of a plurality of 
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different locations where the digital credential can be used allowing specified user's to 
access said results so that at a later time [a bank statement] could be generated. 

Anderson [202] discloses the claimed invention except for a plurality of data 
fields to store transaction information relating to each verification result in a central 
location that communicates with each of said plurality of different locations; and a data 
access structure, allowing specified user's to access said results. Vance '526 teaches 
that it is known in the art to provide a plurality of data fields to store transaction 
information relating to each verification result in a central location that communicates 
with each of said plurality of different locations; and a data access structure, allowing 
specified user's to access said results. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Vance '526 about a plurality of data fields to 
store transaction information relating to each verification result in a central location that 
communicates with each of said plurality of different locations; and a data access 
structure, allowing specified user's to access said results as taught by Vance *526, in 
order to maintain the integrity of the tracking/reporting system. 

As per claim 29: 

Anderson [202] discloses the claimed invention except for the data structures 
further include a plurality of data fields to store owner and delegate information. 
However. Anderson [202] does disclose , "... memory may contain certification 
information..." Col. 12, lines 57-65. It would have been obvious to one having ordinary 



# 
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skill in the art at the time the invention was made to have memory that could hold the 
data structures that include a plurality of data fields to store owner and delegate 
information to provide a complete list of who is authorized to use the certificate . 

As per claim 45: 
Goldsmith'990 further discloses ; 

wherein the use information includes transaction information. Col. 8, lines 1-27 

Anderson [202] discloses the claimed invention except for allowing comprises 
allowing said user to view all reports, but allowing each said delegate to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. However, Anderson [202] does disclose , "... provide statements or reports to 
the payer and the payee..." Col. 30, lines 19-29. 

Vance *526 teaches that it is known in the art to wherein said allowing comprises 
allowing said user to view all reports, but allowing each said delegate to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to include in Anderson '202 about generating activity reports of the 
delegates of the user and wherein said allowing comprises allowing said user to view all 
reports, but allowing each said delegate to view only their own activity report, and not 
allowing each said delegate to view reports for other delegates as taught by Vance '526, 
in order to maintain the integrity of the tracking/reporting system. 
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Claim Rejections - 35 USC § 103 



1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 48-49 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

Goldsmith US 6,064,990 [Goldsmith*990], and in further view of Vance *526. 

As per claim 48: 
Goldsmith'990 discloses; 

receiving transaction requests from a plurality of delegate users who are 
delegated from an owner. Col. 2, lines 60-67 

wherein the transaction requests include digital credentials for the users; Col. 2, 
lines 55-60 

processing the transaction requests; Col. 2, lines 60-67 

communicating transaction information to a central service, Col. 2, lines 60-67 

wherein the transaction information includes the digital credentials of the 
delegates. Col. 2, lines 50-55. 

Goldsmith '990 discloses the claimed invention except for the wherein said 
allowing comprises allowing said owner to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
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view reports for other delegates. 

Vance '526 teaches that it is known in the art to provide a wherein said allowing 
comprises allowing said owner to view all reports, but allowing each said delegate to 
view only their own activity report, and not allowing each said delegate to view reports 
for other delegates. It would have been obvious to one having ordinary skill in the art at 
the time the invention was made to provide the transaction request involving digital 
credentials of Goldsmith '990 with the ability of a user/owner (corporation) to view all 
reports, but allowing each said delegate to view only their own activity report, and not 
allowing each said delegate to view reports for other delegates, in order to maintain 
control and security of corporation expenditures. 

As per claim 49: 
Goldsmith further discloses; 

wherein processing the transaction requests includes communicating the digital 
credentials to the central service for verification. Fig. 1,10 

Claims 9,19,38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Anderson [202], and further in view of Yacobi US 5,878,138 -Yacobi [138] 

As per claims 9,19,38: 

Anderson [202] discloses the claimed invention except for the analyzing the 
activity log to detect misuse of the digital credential. However, Anderson [202] does 
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disclose "Solutions to the problem of potential fraudulent usage ...must be built into the 
system at each stage..." Col. 36, lines 32-35. Yacobi [138] teaches that it is known to 
analyze the activity log to detect misuse of the digital credential. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
analyze the activity log to detect misuse of the digital credential as taught by Yacobi 
[138], since Yacobi [138] states at Col. 4, lines 8-9 that such a modification would 
provide that once fraud is detected, further perpetuation is prevented. 

Claims 11,21,40 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Anderson [202] , and further in view of Sudia US 5,659,616 Sudia [616] 

As per claims 1 1 ,21 ,40: 

Anderson [202] discloses the claimed invention except for the authorizing one or 
more delegates to use a delegated digital credential to act on behalf of the owner of the 
digital credential for specified functions, wherein verifying the use of the digital 
credential includes determining whether the delegated digital credential was authorized 
for the specific use. 

Sudia [616] teaches that it is known to authorize one or more delegates to use a 
delegated digital credential to act on behalf of the owner of the digital credential for 
specified functions, wherein verifying the use of the digital credential includes 
determining whether the delegated digital credential was authorized for the specific use. 
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It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to authorize one or more delegates to use a delegated digital 
credential to act on behalf of the owner of the digital credential for specified functions, 
wherein verifying the use of the digital credential includes determining whether the 
delegated digital credential was authorized for the specific use as taught by Sudia [616], 
since Sudia [616] states at Col. 14, lines 61-67, Col, 15. lines 1-12, that such a 
modification would provide flexibility in the use of the digital signature. 

Claims 42-44 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goldsmith US 6,064,990 [Goldsmith'990]. 

As per claim 42: 
Goldsmith *990 discloses; 

storing use information for a user; Col. 1 , lines 53-55 

processing the use information; Col. 1, lines 55-57 

generating an alert. Col. 1, lines 57-64. 
Goldsmith '990 discloses the claimed invention, as discussed above, except for the step 
of storing use information for a digital of a plurality of delegates who are delegated to 
use said digital credential by an owner processing the use information for each of said 
plurality of delegates to detect misuse. However, Goldsmith'990 is providing usage 
information on the activity of data associated with the user. It would have been an 
obvious matter of choice to modify the teachings of Goldsmith '990, to provide the step 
of storing use information for a digital certificate or any other type of data associated 
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with the user. Since the applicant has not disclosed that a digital certificate uniquely 
distinguishes itself from any other type of data which is unobvious to one of ordinary 
skill and it appears that the claimed feature does not distinguish the invention over 
similar features in the prior art since, the teachings of Goldsmith'990 will perform the 
invention as claimed by the applicant regardless of what the data is being used for or 
named. 

Goldsmith '990 discloses the claimed invention, as discussed above, except for 
the step of processing the use information to detect misuse. However, Goldsmith'990 
does process the information if the authentication is breached or for any unauthorized 
activity. Col. 2, lines 5-10. It would have been an obvious matter of choice to modify the 
teachings of Goldsmith '990, to call breaching the authentication protocol or 
unauthorized activity as a misuse of an account. Since the applicant has not disclosed 
that term "misuse" distinguishes itself from any other type breaching or unauthorized 
activity which is unobvious to one of ordinary skill and it appears that the claimed 
feature does not distinguish the invention over similar features in the prior art since, the 
teachings of Goldsmith'990 will perform the invention as claimed by the applicant 
regardless of what the breaching or unauthorized activity is called. 

Goldsmith *990 discloses the claimed invention, as discussed above, except for 
the step of generating an alert to the owner when misuse is detected. However, 
Goldsmith'990 does immediately notify a user of account activity. Col. 2, lines 5-10. 
Goldsmith'990 does include notification of any user-designated misuse of their account. 
Since the applicant has not disclosed that generating an alert when misuse is detected 
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distinguishes itself from any other type notification activity which is unobvious to one of 
ordinary skill and it appears that the claimed feature does not distinguish the invention 
over similar features in the prior art since, the teachings of Goldsmith'990 will perform 
the invention as claimed by the applicant and include misuse information in the user 
notification. 

As per claim 43: 
Goldsmith'990 further discloses; 

generating an activity report based on the use information. Fig. 3 
As per claim 44: 

Goldsmith '990 discloses the claimed invention, as discussed above, except for 
the step of wherein generating an alert includes alerting a credential service provider. 
However, Goldsmith'990 does disclose transforming the account activity message into 
an e-mail message and transmitting the e-mail message to the user provided e-mail 
address. Col, 6, lines 58-65. The user provided e-mail addresses are only limited by the 
user's imagination. It would have been an obvious matter of choice to modify the 
teachings of Goldsmith '990, to include in the user's e-mail a credential service provider. 
Since the applicant has not disclosed that alerting a credential service provider 
distinguishes itself from alerting any other type of organization which is unobvious to 
one of ordinary skill and it appears that the claimed feature does not distinguish the 
invention over similar features in the prior art since, the teachings of Goldsmith'990 will 
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perform the invention as claimed by the applicant regardless of who or what 
organization is alerted. 



Claim 46 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Goldsmith'990 and further in view of Sudia'616. 

As per claim 46: 

Goldsmith'990 discloses the claimed invention except for that the use information 
includes verification information for the digital credential. Sudia'616 teaches that it is 
known to verify digital credentials. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to verify digital information as taught 
by Sudia'616 and issue a report as taught by Goldsmith'990. 

Claims 50-52 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goldsmith'990 and further in view of Anderson'202 and Sudia'616. 

As per claim 50: 

Goldsmith'990 discloses the claimed invention except for the verifying the digital 
certificate and communicating the result of the verification to the credential service, 
Anderson'202 teaches that it is known to verify digital certificates. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
verify digital certificates as taught by Anderson'202, since Anderson'202 teaches at Col. 
6, lines 40-55 verification of digital certificates. 
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Goldsmith'990 and Anderson'202 disclose the claimed invention except for 
communicating a result of the verification to the credential service. 

Sudia [616] teaches that it is known to verify the digital credential; and 
communicate the result of the verification to the credential service. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to verify the digital credential; and communicate the result of the 
verification to the credential service as taught by Sudia [616], since Sudia [616] states at 
Col. 14, lines 61-67, Col. 15, lines 1-12, that such a modification would provide flexibility 
in the use of the digital signature. 

As per claim 51: 

Goldsmith'990 and Anderson '202 discloses the claimed invention except for 
receiving a activity report from the central service, wherein the activity report lists the 
transaction information for each digital credential. However, Anderson [202] does 
disclose , "... send bank statements ... which reflects events of the transaction..." Col. 6, 
lines 5-58. It would have been obvious to one having ordinary skill in the art at the time 
the invention was made to store a result from a verification of a digital credential and a 
plurality of data fields to store transaction information relating to each verification result 
so that at a later time [a bank statement] could be generated. 
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As per claim 52: 

Goldsmith*990 discloses the claimed invention except for wherein the transaction 
information includes at least one of a message that was signed, a transaction value, an 
online service, an internet protocol (IP) address, a value of the transaction, a date of the 
transaction and a the time of the transaction. 

Anderson'202 discloses wherein the transaction information includes at least 
one of a message that was signed, a transaction value, an online service, an internet 
protocol (IP) address, a value of the transaction, a date of the transaction and a the time 
of the transaction. It would have been obvious to one having ordinary skill in the art at 
the time the invention was made to wherein the transaction information includes at least 
one of a message that was signed, a transaction value, an online service, an internet 
protocol (IP) address, a value of the transaction, a date of the transaction and a the time 
of the transaction as taught by Anderson'202, since Anderson'202 shows in Fig, 6 that 
transaction information includes at least one of a message that was signed, a 
transaction value, an online service, an internet protocol (IP) address, a value of the 
transaction, a date of the transaction and a the time of the transaction 

Claim 53-56 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson'202, and further in view of Goldsmith'990. 

As per claim 53: 
Anderson'202 discloses; 



Application/Control Number: 09/608,402 Page 26 

Art Unit: 3621 

receiving a request from a medical professional to access medical information at 
a remote location, Fig. 26 

wherein the request includes a digital credential for the medical professional; 

Fig. 26 

communicating transaction information describing the access request and the 
digital credential to a credential verification service; Fig 26 

receiving a verification result from the credential verification service; Fig. 26 

providing the medical professional access to the medical information based on 
the verification result; Fig. 26 

Anderson'202 discloses the claimed invention except for receiving an activity 
report from the credential verification service and wherein the activity report lists the 
transaction information, the digital credential and the transaction result. Sudia'616 
teaches that it is known to receive an activity report from the credential verification 
service and wherein the activity report lists the transaction information, the digital 
credential and the transaction result. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to receive an activity report from the 
credential verification service and wherein the activity report list the transaction 
information, the digital credential and the transaction result as taught by Sudia'616. 
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As per claim 54: 
Anderson'202 further discloses; 

wherein the transaction information includes at least an access type, a date of 
the transaction and a time of the transaction. Fig. 6. 

As per claim 55: 
Anderson*202 further discloses; 

wherein the digital credential was provided by a credential issuing service and a 
credential service provider. Fig. 24 

As per claim 56: 
Anderson'202 further discloses; 

receiving a request to access the activity report from an owner of the digital 
credential; Col. 31, lines 10-67 

providing the owner access to the activity report. Col. 31, lines 10-67 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims below for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
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of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 



2. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Daniel L. Greene whose telephone number is 703-306- 
5539. The examiner can normally be reached on M-Thur. 8am-6pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James P. Trammell can be reached on 703-305-9768. The fax phone 
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numbers for the organization where this application or proceeding is assigned are 703- 
305-7687 for regular communications and 703-305-7687 for After Final 
communications. 

Any Inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-308- 
1113. 



DLG 
5/24/04 
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